CVE-2023-49955

Name of the Vulnerable Software and Affected Versions Dalmann OCPP.Core versions prior to 1.2.0

Description An issue was discovered in Dalmann OCPP.Core where it does not validate the length of the chargePointVendor field in a "BootNotification" message. This potentially leads to server instability and a denial of service when processing excessively large inputs. The vendor notes that OCPP.Core is intended for use in a protected environment or network.

Recommendations For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider implementing input validation for the chargePointVendor field in the "BootNotification" message to prevent excessively large inputs from causing server instability.